Check load, number of requests per IP, number of running processes, database load, mysql `show processlist;`

Inform the client about the taken actions

When the attack is over lower the alert status

Inform the client about lowered alert status

Nginx configuration

You can limit the rate at which nginx accept incoming requests to a value typical for real users. For example, you might decide that a real user accessing a login page can only make a request every 2 seconds. You can configure nginx to allow a single client IP address to attempt to login only every 2 seconds (equivalent to 30 requests per minute):